4602 matches found
FreeRDP 安全漏洞
FreeRDP is an open source Remote Desktop Protocol RDP implementation library and client . FreeRDP suffers from a heap buffer overflow vulnerability. The vulnerability arises due to an out-of-bounds heap memory write due to a bmpSize synchronization error in the persistent cache. An attacker can...
CVE-2026-28503
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.querysyncedfolder action in cookbook/views/api.py line 903 fetches a Sync object using getobjector404Sync, pk=pk without including space=request.space i...
Exposure of Data Element to Wrong Session
Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...
CVE-2026-28503
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.querysyncedfolder action in cookbook/views/api.py line 903 fetches a Sync object using getobjector404Sync, pk=pk without including space=request.space i...
CVE-2026-28503
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.querysyncedfolder action in cookbook/views/api.py line 903 fetches a Sync object using getobjector404Sync, pk=pk without including space=request.space i...
CVE-2026-28503 Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.querysyncedfolder action in cookbook/views/api.py line 903 fetches a Sync object using getobjector404Sync, pk=pk without including space=request.space i...
CVE-2026-28503 Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.querysyncedfolder action in cookbook/views/api.py line 903 fetches a Sync object using getobjector404Sync, pk=pk without including space=request.space i...
CVE-2026-32524
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through = 6.4.9...
CVE-2026-33159
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...
CVE-2025-64998
Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...
CVE-2026-32260
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...
EUVD-2026-16162
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared...
Mattermost has an Incorrect Authorization issue
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared...
GHSA-G7FP-CQJ5-X8HF Mattermost has an Incorrect Authorization issue
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared...
CVE-2026-4274
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared...
CVE-2026-4274
Mattermost CVE-2026-4274 affects multiple release lines: 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, and 11.3.x
CVE-2026-4274 Insufficient authorization in shared channel membership sync grants team-level access instead of channel-level access
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared...
CVE-2026-4274
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared...
CVE-2026-4274 Insufficient authorization in shared channel membership sync grants team-level access instead of channel-level access
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to an entire private team instead of only the shared...
PT-2026-28642
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.0 through 10.11.10 Mattermost versions 11.2.0 through 11.2.2 Mattermost versions 11.3.0 through 11.3.1 Mattermost versions 11.4.0 Description The software does not properly restrict team-level access when processing...